{"result": {"cve": [{"id": "CVE-2007-2586", "type": "cve", "title": "CVE-2007-2586", "description": "The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.", "published": "2007-05-09T20:19:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2586", "cvelist": ["CVE-2007-2586"], "lastseen": "2017-10-11T11:07:09"}], "osvdb": [{"id": "OSVDB:35334", "type": "osvdb", "title": "Cisco IOS FTP Server Unspecified File Manipulation", "description": "## Vulnerability Description\nIOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an unspecified condition in the FTP server which allows a remote attacker to download a copy of the startup-config file, which will disclose configuration information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version recommended in the vendor advisory, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nIOS contains a flaw that may lead to an unauthorized information disclosure. 
The issue is triggered by an unspecified condition in the FTP server which allows a remote attacker to download a copy of the startup-config file, which will disclose configuration information resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml)\nSecurity Tracker: 1018030\n[Secunia Advisory ID:25199](https://secuniaresearch.flexerasoftware.com/advisories/25199/)\n[Related OSVDB ID: 35335](https://vulners.com/osvdb/OSVDB:35335)\nOther Advisory URL: http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a00808399ea.html\nNews Article: http://www.eweek.com/article2/0,1759,2130100,00.asp\nNews Article: http://www.networkworld.com/news/2007/051107-cisco-ftp-ios-hacker-backdoor.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0115.html\nKeyword: CSCek55259\nFrSIRT Advisory: ADV-2007-1749\n[CVE-2007-2586](https://vulners.com/cve/CVE-2007-2586)\nBugtraq ID: 23885\n", "published": "2007-05-09T06:33:23", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:35334", "cvelist": ["CVE-2007-2586"], "lastseen": "2017-04-28T13:20:31"}], "openvas": [{"id": "OPENVAS:9999996", "type": "openvas", "title": "Cisco IOS FTP Server Authentication Bypass Vulnerability", "description": "The Cisco IOS FTP server is enabled on the remote system.\n\nDescription :\n\nThe FTP server does not properly verify authentication, allowing\nfor anonymous access to the file system. 
An attacker could use\nthe ftp server to view/download confidential configuration files, or upload \nreplacements which will be used at startup.", "published": "2008-08-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=9999996", "cvelist": ["CVE-2007-2586"], "lastseen": "2017-09-29T14:09:30"}], "nessus": [{"id": "CISCO-SA-20070509-IOSFTPHTTP.NASL", "type": "nessus", "title": "Multiple Vulnerabilities in the IOS FTP Server", "description": "The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.\nThe IOS FTP Server is an optional service that is disabled by default.\nDevices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.\nThese vulnerabilities do not apply to the IOS FTP Client feature.", "published": "2010-09-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49003", "cvelist": ["CVE-2007-2587", "CVE-2007-2586"], "lastseen": "2017-12-04T23:08:54"}], "cisco": [{"id": "CISCO-SA-20070509-IOSFTP", "type": "cisco", "title": "Multiple Vulnerabilities in the IOS FTP Server", "description": "The Cisco IOS FTP Server feature contains multiple vulnerabilities that\n\t can result in a denial of service (DoS) condition, improper verification of\n\t user credentials, and the ability to retrieve or write any file from the device\n\t filesystem, including the device's saved configuration. 
This configuration file\n\t may include passwords or other sensitive information.\n \n The IOS FTP Server is an optional service that is disabled by default.\n\t Devices that are not specifically configured to enable the IOS FTP Server\n\t service are unaffected by these vulnerabilities.\n \n This vulnerability does not apply to the IOS FTP Client feature.\n\n \n This advisory is posted at\n\t http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070509-iosftp.", "published": "2007-05-09T16:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070509-iosftp", "cvelist": ["CVE-2007-2586", "CVE-2007-2587"], "lastseen": "2017-12-25T20:07:12"}]}}